Re: [qubes-users] Re: Qubes OS 4.0 without IOMMU
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Sep 16, 2017 at 12:46:35PM -0700, damm swing wrote: > By the way, is it possible that some AppVM could compromise NetVM (e.g. by a > hypothetical bug in Xen net backend) and then use the DMA attack? Yes, it is theoretically possible. See for example here: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-023-2015.txt - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZwD1jAAoJENuP0xzK19cscIwH/AqpD+R6Ro2KWY2AVK1wfoSG igZOQMYVwzwa4bRvisoYtd1xn1/1e4yL7BWwmwKjEr5RhkTa5hI3+qOCw7DW7znU zkHNwh3yEYBr52d4RWWMtDYGC01Kv+66zvZlCsetbmbyn768ltpyndQzyUgVDBOw Z5zD61r+kTxg4YsIZuwfbtsyyKgfC2gEjQRYjr417V/RYINgcOl8XSlcEBClWssM tqZZcAQ4DCzFakyZZI2cgxgW4Wn/3u7UJbO7TS5TCe/qaUq0YVBc1FMus32v4BxN vgZ+XX+ZFb64hJwotPLP3u4R8VSWyOL/2ichE/snID5VUbw5o2oEOMdXLs6EFdo= =0CkL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170918214054.GA10540%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes OS 4.0 without IOMMU
On Friday, September 15, 2017 at 11:44:58 PM UTC+2, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Fri, Sep 15, 2017 at 08:58:22AM -0700, damm swing wrote: > > On Friday, September 15, 2017 at 12:42:12 AM UTC+2, Damm Swing wrote: > > > On Thursday, September 14, 2017 at 11:12:26 PM UTC+2, Yethal wrote: > > > > W dniu czwartek, 14 września 2017 21:22:52 UTC+2 użytkownik damm swing > > > > napisał: > > > > > Hello, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Will it be possible to use the final version of Qubes OS 4.0 (at your > > > > > own risk) on hardware without IOMMU (only with SLAT)? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Regards > > > > > > > > PCI assignment won't work without IOMMU so no sys-net and no sys-usb > > > > > > Is there no way to force PV mode in PCI VMs? > > > > I found some sentence about that: "The new Core Stack allows one to do this > > with the flip of a switchproperty" > > https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/ > > Yes, it is possible to switch sys-net and sys-usb to PV, but even for PV > IOMMU makes a great difference. See here: > https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-d > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJZvEnSAAoJENuP0xzK19csQ4EH/1feU2j6eYUvRN0WBlwDtYdb > 8PvF3Qk/nXuYRIzBjQ2ykHc6MsX4YQdvRU1gI90JdHX+5y6PSrKGGm8O5AWxhRp6 > Xl1Ev5Xs5vV8wCjcYp9FVpMmD+aGx06CtHaWkhQkMe7rhSxcoxASBZiMNvCl/kWC > D4wZ2Hvg5Fp3LqiEHfx3Kei8OSqnd/UaVRnLcMSkQ4B64ilkJbT036AbNNYCN0wW > saTSOxzEHzSrLvBvBm50n7v7f+jJCxnGPeeWxdW9dWXyXdAThTiKk/RtYp+0ZYv3 > /FNdvNhJ24kjF7KE1NffHGVoYY4veoGISfV/TSeQ86GIjxF98yaV0ji0UonRYIo= > =aHth > -END PGP SIGNATURE- Thank you for your answer. By the way, is it possible that some AppVM could compromise NetVM (e.g. by a hypothetical bug in Xen net backend) and then use the DMA attack? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f8d45cb-653a-4735-9307-b3d4ce54c101%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes OS 4.0 without IOMMU
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Sep 15, 2017 at 08:58:22AM -0700, damm swing wrote: > On Friday, September 15, 2017 at 12:42:12 AM UTC+2, Damm Swing wrote: > > On Thursday, September 14, 2017 at 11:12:26 PM UTC+2, Yethal wrote: > > > W dniu czwartek, 14 września 2017 21:22:52 UTC+2 użytkownik damm swing > > > napisał: > > > > Hello, > > > > > > > > > > > > > > > > > > > > > > > > Will it be possible to use the final version of Qubes OS 4.0 (at your > > > > own risk) on hardware without IOMMU (only with SLAT)? > > > > > > > > > > > > > > > > > > > > > > > > Regards > > > > > > PCI assignment won't work without IOMMU so no sys-net and no sys-usb > > > > Is there no way to force PV mode in PCI VMs? > > I found some sentence about that: "The new Core Stack allows one to do this > with the flip of a switchproperty" > https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/ Yes, it is possible to switch sys-net and sys-usb to PV, but even for PV IOMMU makes a great difference. See here: https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-d - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZvEnSAAoJENuP0xzK19csQ4EH/1feU2j6eYUvRN0WBlwDtYdb 8PvF3Qk/nXuYRIzBjQ2ykHc6MsX4YQdvRU1gI90JdHX+5y6PSrKGGm8O5AWxhRp6 Xl1Ev5Xs5vV8wCjcYp9FVpMmD+aGx06CtHaWkhQkMe7rhSxcoxASBZiMNvCl/kWC D4wZ2Hvg5Fp3LqiEHfx3Kei8OSqnd/UaVRnLcMSkQ4B64ilkJbT036AbNNYCN0wW saTSOxzEHzSrLvBvBm50n7v7f+jJCxnGPeeWxdW9dWXyXdAThTiKk/RtYp+0ZYv3 /FNdvNhJ24kjF7KE1NffHGVoYY4veoGISfV/TSeQ86GIjxF98yaV0ji0UonRYIo= =aHth -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170915214451.GC15973%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes OS 4.0 without IOMMU
On Friday, September 15, 2017 at 12:42:12 AM UTC+2, Damm Swing wrote: > On Thursday, September 14, 2017 at 11:12:26 PM UTC+2, Yethal wrote: > > W dniu czwartek, 14 września 2017 21:22:52 UTC+2 użytkownik damm swing > > napisał: > > > Hello, > > > > > > > > > > > > > > > > > > Will it be possible to use the final version of Qubes OS 4.0 (at your own > > > risk) on hardware without IOMMU (only with SLAT)? > > > > > > > > > > > > > > > > > > Regards > > > > PCI assignment won't work without IOMMU so no sys-net and no sys-usb > > Is there no way to force PV mode in PCI VMs? I found some sentence about that: "The new Core Stack allows one to do this with the flip of a switchproperty" https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1a535519-9b3b-49b4-ac50-bf79daa62b0f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes OS 4.0 without IOMMU
On Thursday, September 14, 2017 at 11:12:26 PM UTC+2, Yethal wrote: > W dniu czwartek, 14 września 2017 21:22:52 UTC+2 użytkownik damm swing > napisał: > > Hello, > > > > > > > > > > > > Will it be possible to use the final version of Qubes OS 4.0 (at your own > > risk) on hardware without IOMMU (only with SLAT)? > > > > > > > > > > > > Regards > > PCI assignment won't work without IOMMU so no sys-net and no sys-usb Is there no way to force PV mode in PCI VMs? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c3d403a-c18e-4d16-b1f8-f2f19811157f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes OS 4.0 without IOMMU
W dniu czwartek, 14 września 2017 21:22:52 UTC+2 użytkownik damm swing napisał: > Hello, > > > > > > Will it be possible to use the final version of Qubes OS 4.0 (at your own > risk) on hardware without IOMMU (only with SLAT)? > > > > > > Regards PCI assignment won't work without IOMMU so no sys-net and no sys-usb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/40c4f7be-7589-478b-bf46-9346879f3829%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
